tarantool · laines-it · Dec 21, 2025
diff --git a/box/tarantool_test.go b/box/tarantool_test.go
@@ -446,6 +446,18 @@ func TestBox_Sugar_Schema_UserGrant_NoSu(t *testing.T) {
 	err = b.Schema().User().Create(ctx, username, box.UserCreateOptions{Password: password})
 	require.NoError(t, err)
 
+	data, err := conn.Do(tarantool.NewCallRequest("box.session.user")).Get()
+	require.NoError(t, err)
+	this_user := data[0].(string)
+
+	err = b.Session().Su(ctx, username)
+	require.NoError(t, err)
+
+	defer func() {
+		err = b.Session().Su(ctx, this_user)
+		require.NoError(t, err)
+	}()
+
 	err = b.Schema().User().Grant(ctx, username, box.Privilege{
 		Permissions: []box.Permission{
 			box.PermissionRead,
@@ -529,14 +541,32 @@ func TestSchemaUser_Revoke_WithoutSu(t *testing.T) {
 	err = b.Schema().User().Create(ctx, username, box.UserCreateOptions{Password: password})
 	require.NoError(t, err)
 
+	startPrivileges, err := b.Schema().User().Info(ctx, username)
+	require.NoError(t, err)
+
+	require.NotEmpty(t, startPrivileges)
+	// Let's choose random first privilege.
+	examplePriv := startPrivileges[0]
+
+	data, err := conn.Do(tarantool.NewCallRequest("box.session.user")).Get()
+	require.NoError(t, err)
+	this_user := data[0].(string)
+
+	err = b.Session().Su(ctx, username)
+	require.NoError(t, err)
+
+	defer func() {
+		err = b.Session().Su(ctx, this_user)
+		require.NoError(t, err)
+	}()
+
 	// Can`t revoke without su permissions.
-	err = b.Schema().User().Grant(ctx, username, box.Privilege{
-		Permissions: []box.Permission{
-			box.PermissionRead,
-		},
-		Type: box.PrivilegeSpace,
-		Name: "space1",
-	}, box.UserGrantOptions{IfNotExists: false})
+	err = b.Schema().User().Revoke(ctx,
+		username,
+		examplePriv,
+		box.UserRevokeOptions{
+			IfExists: false,
+		})
 	require.Error(t, err)
 
 	// Require that error code is ER_ACCESS_DENIED.